On 02/02/2016 11:35 PM, Simpson Lachlan wrote: > Hola, > > Presuming a regular machine, I've started the join as per instructions: > > yum install ipa-client > > [root@vmts-linux1 ~]# ipa-client-install > Error checking LDAP: Operations error: 000004DC: LdapErr: DSID-0C0906E8, > comment: In order to perform this operation a successful bind must be > completed on the connection., data 0, v1db1 > Discovery was successful! > Client hostname: vmts-linux1.unix.example.org > Realm: UNIX.EXAMPLE.ORG > DNS Domain: unix.example.org > IPA Server: dc1.example.org > BaseDN: dc=unix,dc=example,dc=org > > > There are two things here that I'd like to understand. > > 1. There was an error, but the process seems to have been successful? Should > I be investigating that error or is it to be expected?
Hi Simpson, I suspect that ipa-client-install had problems verifying a server during the discovery, so it may have assumed some values itself, it probably did it wrong. Details are in the ipaclient-install.log. > 2. The IPA server is wrong - the machine it has found the PDC server (with a > one way trust IPA->AD), but not the IPA server. I can only presume this is in > error and that I should run the command again explicitly stating the IPA > server? So are you saying that FreeIPA actually discovered on an AD server? Do you DNS domain with SRV records for FreeIPA set up? If yes, you can pass it via "--domain" option of ipa-client-install, without using hard coded server list via "--server" options. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
